As from April 2021, Secutel Technologies is ISO 27001 Certified.
ISO 27001 is the international standard which is recognised globally for managing risks to the security of information held. Certification to ISO 27001 allows us to prove to our clients and other stakeholders that we are managing the security of information. ISO 27001:2013 (the current version of ISO 27001) provides a set of standardised requirements for an Information Security Management System (ISMS). The standard adopts a process based approach for establishing, implementing, operating, monitoring, maintaining, and improving our ISMS.
BUSINESS CONTINUITY MANAGEMENT POLICY
To meet our business objectives and ensure continuity of our operations, Secutel Technologies shall adopt and follow well-defined and time-tested plans and procedures, build redundancy in teams and infrastructure, and manage a quick and efficient transition to the backup arrangement for business systems and services.
This Business Continuity Management (BCM) Policy reiterates the commitment of Secutel Technologies towards delivering the fastest transition and the highest quality of services through backup arrangements ensuring that the customers, business activities, and services do not suffer in any way. To provide such a level of continuous operation, Secutel Technologies has implemented a Business Continuity Management System (BCMS) in line with the international standard ISO22301:2019.
The operation of this BCMS has many benefits for the business, including:
• Protection of revenue streams and company profitability
• Ensuring the supply of goods and services to customers
• Maintenance and enhancement of shareholder value
• Compliance with legal and regulatory requirements
The Business Continuity Policy intends to:
• Establish a systematic approach for business continuity;
• Create awareness amongst the concerned employees about business continuity aspects and its importance and;
• Test and review the business continuity plan.
a) The boundaries of the BCMS as implemented within Secutel Technologies are defined in ISM-01
Secutel ISO Integrated Management System Manual.
b) Top management is committed to provide appropriate resources to establish and develop the
c) The Head of Business Process shall have overall authority and responsibility for the implementation
and management of the BCMS, specifically:
• The identification, documentation, and fulfilment of applicable requirements
• Assigning authorities and responsibilities for the implementation, management, and improvement of BCM processes
• Integration of business processes with the BCMS
• Compliance with statutory, regulatory, and contractual requirements in the management of assets used to deliver products and services
• Reporting to top management on performance and improvement of the BCMS
d) It is also the responsibility of the Head of Business Process to ensure that employees understand the roles they are required to fulfil and that they have appropriate skills and competence to do so. Training needs will be identified, and a plan maintained to ensure that the necessary competencies are in place.
e) Secutel Technologies makes use of various third parties, both internal and external, in the delivery of products and services to its customers. Where this involves the operation of a business process, or a part of the process on behalf of Secutel Technologies, that falls within the defined scope of the BCMS, identified in IMS-01 Integrated Management System Manual.
In all cases, Secutel Technologies will retain governance of the relevant BCM processes by
• Accountability for the process
• Control of the definition of and interface to the process
• Performance and compliance monitoring
• Control over process improvements
f) Business Continuity Objectives are defined within IMS 01.1 ISM Objectives, which will coincide with organisational budget planning to ensure that adequate funding is obtained for the improvement activities identified. These objectives will be based upon a clear understanding of the overall business requirements and how they may change during the year.
Objectives will be reviewed at least on an annual basis as part of the management review process.g) Secutel Technologies’ top management shall continually improve the effectiveness of the BCMS across all areas within scope and increase the level of proactivity (and the business perception of proactivity) about the on-going management of business continuity. Improvements or changes which may arise from continual improvements, events related to the internal and external context of the organization (such as internal re-organizations or mergers and
acquisitions) or an increase or decrease in the scope will be managed through PROC-09 Continual Improvement & Change process.
h) High level risk assessments will be reviewed on an annual basis, or upon significant change to the business environment. For more detail on the approach to risk assessment please review the document PROC-01 Risk Ass Risk Treatment Methodology
i) Regular BCMS reviews of how well processes and procedures are being adhered to by:
• Quarterly management review of conformity to policies and procedures
• Internal audit reviews against the ISO 22301 standard as detailed in PROC-07 Internal Audits
• External audit to gain and maintain certification to ISO22301
j) All BCM policies and plans are created and managed through their lifecycle as set out in PROC-06 Documented Information, which are uniquely numbered and tracked in CD-000 Control Documents Register, including records as evidence that processes are being carried out effectively.
The Head of Business Process shall invoke the BCM process in consultation with the BCM Team Members for catastrophic and major disasters. It is the responsibility of the BCM Team to ensure that adequate spare resources are available for recovering from a disaster in the infrastructure level. It is mandatory for all BCM Team Leaders to maintain the BCM documents in an easily accessible and secure location.
The BCM Policy shall be updated whenever there are changes to the operational environment of Secutel Technologies, or in the event of no changes incorporated, annually.
The BCM Policy and Plan testing process for vital services shall be done at least annually.
Carel Brink CEO